Manualshelf

HP-UX IPFilter Version 17 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
919293949596979899100
10.3 The ipfilter Utility (HP-UX 11i v3)
The ipfilter utility enables, disables, and reports the IPFilter state. The ipfilter utility is
supported only on HP-UX 11i v3.
10.3.1 Syntax
/opt/ipf/bin/ipfilter -d|e|q|l|ei|di
10.3.2 Options
-e
Enables the HP-UX IPFilter module.
-d
Disables the HP-UX IPFilter module.
-q
Queries the HP-UX IPFilter module and displays whether it is enabled or disabled.
-l
Lists the interfaces and shows which are protected or unprotected by IPFilter.
-ei
Enables IPFilter in interactive mode.
-di
Disables IPFilter in interactive mode.
CAUTION: HP recommends that you enable or disable IPFilter when interrupting network
connectivity is not disruptive. HP recommends that you do not enable or disable HP-UX IPFilter
when critical network applications are running.
Disabling or enabling IPFilter using briefly brings down all IP interfaces, then brings up only
the IP interfaces configured in the /etc/rc.config.d/netconf and /etc/rc.config.d/
netconf-ipv6 files. IP addresses not configured in the netconf or netconf-ipv6 file, such
as Serviceguard relocatable IP addresses, are not re-enabled.
Enabling or disabling IPFilter causes the system to briefly lose network connectivity. If a system
has several IP interfaces or there is heavy network traffic, the time required to re-establish network
connectivity might be interpreted as a network or card failure. For example, Serviceguard might
interpret a network interruption as a card failure, which can cause it to reform the cluster.
NOTE: The state of HP-UX IPFilter (enabled or disabled) remains the same after the system
reboots. After you have enabled HP-UX IPFilter, there is no need to disable it or re-enable it for
normal operation.
10.3.3 Example
Because enabling HP-UX IPFilter brings down all the network interface cards and then brings
them back up, HP recommends that you query the current IPFilter state using the ipfilter
-q command to verify that you need to enable it.
# /opt/ipf/bin/ipfilter -q
# /opt/ipf/bin/ipfilter -e
10.4 The ippool Utility
The ippool utility is used to manage information stored in the IP pools subsytem of IPFilter.
For more information, see Chapter 7 (page 73) or the ippool(8) manpage.
10.4.1 Syntax
ippool -options
10.3 The ipfilter Utility (HP-UX 11i v3) 99